VMware NSX: The Next Frontier of Virtualization
Shawn Bolan
Microsoft Certified Trainer, VMware Certified Instructor, PRINCE2 Instructor
New Horizons of Nebraska
• Welcome!
• Thank you for registering for this InfoTec Session!
• Your Presenter – Shawn Bolan, NH of Nebraska
▪ VMware Certified Instructor, Microsoft Certified Trainer
▪ Technical Trainer Since 1998
▪ VMware Certifications – VCI (Level 2), VCP-DCV, VCP-Mobility, VCP-Cloud, VCP-NV, VCAP-DCA
▪ Microsoft Certifications (over 60) – MCT, MCSE, MCSA, MCITP, MCTS, MCP
▪ VMware Certified Instructor of the Quarter for the Americas, Q3 of 2013
Largest International Network
• 2,100 Classrooms
• 2,400 Instructors in 56 Countries
• 3 Million Student Days of Training per Year
Flexible, Integrated Learning Methods
• ILT – Instructor Led Training
• OLL – Online Live Virtual Delivery
• Private Group Training customized for your organization
Who Is New Horizons?
Proven, worldwide training provider with flexible learning solutions covering a broad spectrum of
topics taught by industry-leading instructors.
Agenda
• Welcome & Introduction
• Virtualization Review
• VMware NSX
• Summary & Classes
• Q & A at the end.
• Individual follow-up questions welcome at [email protected] or contact me on LinkedIn
VMware Virtualization Solutions
The VMware Virtualization Family
• Best of breed virtualization solutions for:
▪ Server Virtualization – vSphere
▪ Desktop & Mobility – Horizon (View, Mirage, Workspace), AirWatch
▪ Cloud – vCloud Director, vCloud Automation Center, Horizon Air, vCloud Air
▪ Storage Virtualization – VSAN, vVOLs
▪ Network Virtualization – NSX
Server Virtualization
• Server virtualization (vSphere) is software that decouples the physical hardware from the operating system and provides solutions to many problems that are faced by IT staff
▪ vMotion & Storage vMotion
▪ High Availability (HA)
▪ VM Templates & Clones
▪ Fault Tolerance (FT)
▪ vCenter Server
▪ Standard & Distributed Switches
▪ Host Profiles
▪ Update Manager
• Virtualizing server infrastructure allowed VMware to start the evolution of the corporate data center
Desktop & Mobility
• Horizon is a family of desktop and application virtualization solutions designed to deliver Windows and online services from any cloud.
• VMware AirWatch Enterprise Mobility Management (EMM) delivers unified endpoint management, end-to-end security from devices to data center, and seamless integration across enterprise systems.
• VMware Mobility solutions extend the workspace to Any Application on Any Device from Any Location
Storage Virtualization
• VMware Virtual SAN is a radically simple, enterprise-class shared storage solution for hyper-converged infrastructure optimized for today’s all-flash performance
Cloud Computing
• Cloud services are all about simplicity. VMware brings together the best of both on-premises and off-premises solutions. You can keep using your same tools and processes, and VMware does the rest.
▪ vCloud Air
▪ Platform-As-A-Service (Pivotal CF)
▪ vCloud Air Hybrid Cloud Manager
▪ Horizon Air
VMware NSX
Transforming Network Communication
Key Points
• Software powers the evolution of networks and data center infrastructure.
• Using the software-defined data center, organizations can meet business demands efficiently and flexibly.
• Using vSphere and VMware NSX, you can create virtual networks that provide a complete set of network services.
• VMware NSX can increase data center security by enabling a rich set of security services with microsegmentation.
Network Virtualization
• Networking virtualization without NSX:
What is missing?
NSX
VMware NSX is a network virtualization platform that you can use to build a rich set of logical networking and security services in a software-defined data center.
Virtual Networks and Network Virtualization
[Diagram labels: Distributed Switch on ESXi with VLAN50, VLAN60, VLAN70; Distributed Switch on ESXi with VXLAN 5050, VXLAN 5060, VXLAN 5070; VLAN trunking 50, 60]
The configurations show the difference between virtual networking and network virtualization.
VMware NSX Logical Switching
• Physical switching poses several challenges:
▪ Virtual machine mobility requiring L2 everywhere
▪ Large L2 physical network sprawl: Spanning Tree Protocol problems
▪ Hardware memory (MAC, TCAM) table limits
▪ Per-application or multitenant segmentation difficult
• Logical switching offers several benefits:
▪ Enabling L2 over L3 infrastructure
▪ VXLAN-based overlay: Decoupling logical from physical networks
▪ Scalable multitenancy across the data center
▪ Reduces VLAN ID usage
VMware NSX Logical Switch Example
• Logical switches extend layer 2 connectivity across layer 3 boundaries.
[Diagram: three vSphere hosts on a physical network (10.20.10.10/24, 10.20.20.11/24, 10.20.30.12/24); VM 1, VM 2 and VM 3 (172.16.10.11/24, 172.16.10.12/24, 172.16.10.13/24) on one logical switch, VXLAN 5001]
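The L2-over-L3 encapsulation behind a logical switch, as an added example that is not part of the original presentation and not NSX code: it builds and parses the 8-byte VXLAN header defined in RFC 7348 for segment 5001 from the slide, and shows a receiving host refusing a frame for a segment it does not host. The MAC addresses, payload and function names are constructed for illustration.

```python
import struct

VNI_VALID = 0x08               # VXLAN "I" flag (RFC 7348): VNI field is valid
MAX_VNI = (1 << 24) - 1        # 24-bit segment ID (a VLAN ID has only 12 bits)


def vxlan_encap(vni, inner_frame):
    """Prefix an Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # Layout: flags(8) reserved(24) | VNI(24) reserved(8)
    return struct.pack("!II", VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Return (vni, inner_frame) or raise on a malformed header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, payload[8:]


def deliver(payload, local_vnis):
    """Receiving host: hand the frame only to a logical switch it hosts."""
    vni, frame = vxlan_decap(payload)
    return frame if vni in local_vnis else None


def sample_frame():
    # Constructed inner frame: made-up MACs, IPv4 ethertype, dummy payload
    dst = bytes.fromhex("005056aa0002")
    src = bytes.fromhex("005056aa0001")
    return dst + src + struct.pack("!H", 0x0800) + b"172.16.10.11->172.16.10.12"


if __name__ == "__main__":
    packet = vxlan_encap(5001, sample_frame())
    print(packet[:8].hex())
    print(deliver(packet, {5001}) == sample_frame())
    print(deliver(packet, {5000}))
```

In a real deployment this payload travels inside UDP/IP between the hosts' physical addresses, which is what lets the VMs share one L2 segment across routed subnets.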
VMware NSX Logical Routing Example
• Distributed logical routing provides optimized east-west routing within the hypervisor at line rate.
[Diagram: VM1 and VM2 on VXLAN 5001 and VXLAN 5000; ESXi Host A and ESXi Host B, each with a DLR]
VMware NSX Logical Routing
• Physical routing poses several challenges:
▪ Multitenant routing complexity
▪ Traffic hairpins
• VMware NSX routing offers several benefits:
▪ Optimized east-west and north-south traffic flows
▪ Distributed hypervisor-based logical routing
▪ Support for OSPF and BGP routing protocols
[Diagram: VM to VM Routed Traffic Flow]
NSX Edge Network Services
• NSX Edge provides common gateway services such as DHCP, VPN, NAT, routing, and load balancing:
▪ Integrated L3 through L7 services
▪ Virtual appliance model to provide rapid deployment and scale-out
• NSX Edge provides the following benefits:
▪ Near real-time service instantiation
▪ Support for dynamic service differentiation per tenant or application
[Diagram: NSX Edge services in front of the VMs: Routing and NAT, Firewall, Load Balancing, VPN, DHCP and DNS Relay (DDI)]
NSX Edge Load Balancer
• The NSX Edge load balancer enables application or service requests to be distributed across multiple back-end servers in a pool.
Load sharing:
• Load is distributed across multiple back-end servers
Service high availability:
• Servers or applications that fail are automatically removed from the pool.
Benefits:
• The NSX Edge load balancer provides improved application availability.
• It offers improved scalability through load distribution.
[Diagram: NSX Edge Load Balancer with Web1a, Web1b, Web1c]
Logical Layer 2 VPN
Features
• SSL-based
• Web-proxy support
• L2 bridge to cloud
Scale and Performance
• High performance: AES-NI acceleration
• 750 Mbps-plus throughput per tenant
Use Cases
• Cloud onboarding
• Cloud bursting
• Data center migration
[Diagram labels: Public Cloud; VMs]
Distributed Firewall
Physical Firewalls (Challenges)
• Centralized hardware
• Decentralized management
• Compound policy challenges
• Coordination of enforcement across multiple devices
• Static service chains
• Rules based on IP addresses
• Rate limitation
Distributed Firewall (Benefits)
• Distributed at hypervisor level
• vNIC-level microsegmentation
• Dynamic service chains
• Virtual machine name, vCenter Server objects, identity-based rules
• Line rate about 20 Gbps per host
[Diagram labels: VMware NSX API; firewall consoles fw1, fw2, fw…, fw98, fw99]
VMware NSX Firewalls: Centralized Policy and Microsegmentation
• VMware NSX firewalls offer innovative features:
▪ Centralized management of hypervisor-based distributed firewalls and NSX Edge firewalls.
▪ Microsegmentation: Every virtual NIC is subject to policy processing at ingress and egress.
▪ Policies based on network, vCenter Server objects as well as security posture of the workload.
[Diagram: Internet, Perimeter Firewalls, Cloud Management Platform. Panels: Isolation (Dev, Test, Production; no communication path), Segmentation (Web, App, DB; controlled communication path), Segmentation with Advanced Services (Web, App, DB; advanced services on a controlled communication path)]
Isolation, Segmentation, and Advanced Services
• VMware NSX enables and simplifies workload segmentation and transparent insertion of advanced services.
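The isolation and segmentation model from the firewall slides, as an added example that is not from the presentation and does not use the NSX API: a default-deny policy keyed on inventory attributes, set beside an address-based rule to show why "rules based on IP addresses" break when a workload is re-addressed. The VM names, addresses, ports and the `env`/`tier` attributes are constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VM:                      # hypothetical stand-in for an inventory object
    name: str
    ip: str
    env: str                   # "dev", "test" or "prod"
    tier: str                  # "web", "app" or "db"


# Constructed policy: (source tier, destination tier, destination port)
TIER_RULES = {("web", "app", 8443), ("app", "db", 3306)}


def object_policy(src, dst, port):
    """Decision from workload attributes, independent of addressing."""
    if src.env != dst.env:
        return "deny"          # isolation: no path between environments
    if (src.tier, dst.tier, port) in TIER_RULES:
        return "allow"         # segmentation: controlled path between tiers
    return "deny"              # default deny, including same-tier lateral traffic


def ip_policy(ip_rules, src, dst, port):
    """Physical-firewall style: match literal addresses."""
    return "allow" if (src.ip, dst.ip, port) in ip_rules else "deny"


def demo():
    web = VM("web-01", "172.16.10.11", "prod", "web")
    web2 = VM("web-02", "172.16.10.12", "prod", "web")
    app = VM("app-01", "172.16.20.11", "prod", "app")
    db = VM("db-01", "172.16.30.11", "prod", "db")
    dev_web = VM("web-dev-01", "172.16.10.50", "dev", "web")
    ip_rules = {(web.ip, app.ip, 8443)}
    moved = replace(web, ip="172.16.40.11")    # same VM, new address
    return {
        "web->app": object_policy(web, app, 8443),
        "web->db": object_policy(web, db, 3306),
        "web->web2": object_policy(web, web2, 8443),
        "dev web->prod app": object_policy(dev_web, app, 8443),
        "moved web->app (object rule)": object_policy(moved, app, 8443),
        "moved web->app (IP rule)": ip_policy(ip_rules, moved, app, 8443),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow}: {verdict}")
```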
NSX Training
NSX Install, Configure, Manage (5 days)
• This comprehensive, fast-paced training course focuses on installing, configuring, and managing VMware NSX™. This course covers VMware NSX as a part of the software-defined data center platform, features of VMware NSX, and functionality operating at Layer 2 through Layer 7 of the OSI model. Lecture and hands-on lab activities support your understanding of VMware NSX features, functionality, and on-going management.
NSX For Internetworking Fast Track (5 extended days)
• This 5-day comprehensive, fast-paced training course provides experienced Cisco Network Administrators with the skills to install, configure, and manage NSX in their Cisco environment.
• Available at New Horizons of Omaha June 26-30
Questions?
• Any questions???
• Please fill out the session on the SCHED site at
http://infotec2017.sched.com
Thank You For Attending!
Please Contact Your New Horizons Representative
For More Information About Our Class Schedule